*Re: [PATCH 2/2] kernel/sysctl.c: define minmax conv functions in terms of non-minmax versions
2018-12-27 11:12 ` [PATCH 2/2] kernel/sysctl.c: define minmax conv functions in terms of non-minmax versions Zev Weiss
@ 2019-02-06 19:58 ` Luis Chamberlain
2019-02-07 12:34 ` [PATCH v2 0/3] sysctl: fix range-checking in do_proc_dointvec_minmax_conv() Zev Weiss
0 siblings, 1 reply; 12+ messages in thread
From: Luis Chamberlain @ 2019-02-06 19:58 UTC (permalink / raw)
To: Zev Weiss
Cc: Kees Cook, linux-kernel, linux-fsdevel, akpm, yzaikin, brendanhiggins
On Thu, Dec 27, 2018 at 05:12:30AM -0600, Zev Weiss wrote:
> do_proc_do[u]intvec_minmax_conv() had included open-coded versions of
> do_proc_do[u]intvec_conv(), though the signed one omitted the check
> that the value is in [INT_MIN, INT_MAX]. Rather than increase the
> duplication further by copying the additional check, we can instead
> refactor both to be defined in terms of their non-bounded counterparts
> (plus the added check).
The code below looks fine, however it is a rather intrusive check.
Let's isntead open code the new bound check and Cc stable, and then
after we can get creative with the wrapper use.
Can you confirm the open coded version fixes the issues, and then
the other change does not regress? If you can include an annotation
as to since *when* this was broken by annotating it on your CC stable
note it would be useful for stable maintainers. Likewise if you can
add a respective Fixes: tag that would be appreciated if you can easily
find it.
The stable tag annotation can be placed on top of all the tags, for
instance if the first broken commit was in v4.1 then:
Cc: <stable@vger.kernel.org> # v4.1+
Thanks for the fix and expanding on the tests!
Luis
^permalinkrawreply [flat|nested] 12+ messages in thread

*[PATCH v2 0/3] sysctl: fix range-checking in do_proc_dointvec_minmax_conv()
2019-02-06 19:58 ` Luis Chamberlain@ 2019-02-07 12:34 ` Zev Weiss
2019-02-07 12:34 ` [PATCH v2 1/3] test_sysctl: add tests for >32-bit values written to 32-bit integers Zev Weiss
` (4 more replies)0 siblings, 5 replies; 12+ messages in thread
From: Zev Weiss @ 2019-02-07 12:34 UTC (permalink / raw)
To: Luis Chamberlain, Kees Cook
Cc: linux-kernel, linux-fsdevel, Andrew Morton, yzaikin, brendanhiggins
Hello,
After being left with an unusable system after a typo executing
something like 'echo $((1<<24)) > /proc/sys/vm/max_map_count', I found
that do_proc_dointvec_minmax_conv() was missing a check to ensure that
the converted value actually fits in an int.
The first of the following patches enhances the sysctl selftest such
that it detects this problem; the second provides a minimal fix
(suitable for -stable) such that the selftest passes. The third patch
then performs a more thorough refactoring to eliminate the code
duplication that led to the bug in the first place (maintaining the
passing status of the selftest).
Changes in v2:
- Rearranged selftest to also test negative values and provide more
info in comments
- Added intermediate patch as a minimal fix for -stable without the
refactoring
Thanks,
Zev Weiss
^permalinkrawreply [flat|nested] 12+ messages in thread

*Re: [PATCH v2 0/3] sysctl: fix range-checking in do_proc_dointvec_minmax_conv()
2019-02-07 15:51 ` [PATCH v2 0/3] sysctl: fix range-checking in do_proc_dointvec_minmax_conv() Luis Chamberlain
@ 2019-02-07 16:54 ` Zev Weiss0 siblings, 0 replies; 12+ messages in thread
From: Zev Weiss @ 2019-02-07 16:54 UTC (permalink / raw)
To: Luis Chamberlain
Cc: Kees Cook, linux-kernel, linux-fsdevel, Andrew Morton, yzaikin,
brendanhiggins
On Thu, Feb 07, 2019 at 09:51:44AM CST, Luis Chamberlain wrote:
>On Thu, Feb 07, 2019 at 06:34:23AM -0600, Zev Weiss wrote:
>> Hello,
>>
>> After being left with an unusable system after a typo executing
>> something like 'echo $((1<<24)) > /proc/sys/vm/max_map_count', I found
>> that do_proc_dointvec_minmax_conv() was missing a check to ensure that
>> the converted value actually fits in an int.
>>
>> The first of the following patches enhances the sysctl selftest such
>> that it detects this problem; the second provides a minimal fix
>> (suitable for -stable) such that the selftest passes. The third patch
>> then performs a more thorough refactoring to eliminate the code
>> duplication that led to the bug in the first place (maintaining the
>> passing status of the selftest).
>>
>>
>> Changes in v2:
>> - Rearranged selftest to also test negative values and provide more
>> info in comments
>> - Added intermediate patch as a minimal fix for -stable without the
>> refactoring
>
>Thanks! For some reason I got all except the last patch, patch #3.
>Can you bounce me and others a copy?
>
> Luis
Hmm, odd -- it does seem like each time I use git-send-email I manage to
find a new way to botch it up, but in this case it *looks* like my
server logs indicate that one should have been sent properly as far as I
can tell. No matter, resent it manually anyway, hopefully it gets
through this time...(apologies if anyone gets duplicate copies).
Zev
^permalinkrawreply [flat|nested] 12+ messages in thread